- Getting started
- Notifications
- Licensing
- Troubleshooting
- Connector Builder
- Act! 365
- ActiveCampaign
- Active Directory - Preview
- Adobe Acrobat Sign
- Adobe PDF Services
- Amazon Bedrock
- Amazon Connect
- Amazon Polly
- Amazon SES
- Amazon Transcribe
- Amazon Web Services
- About the Amazon Web Services connector
- Amazon Web Services authentication
- Anthropic Claude
- Asana
- AWeber
- Azure AI Document Intelligence
- Azure Maps
- BambooHR
- Box
- Brevo
- Calendly
- Campaign Monitor
- Cisco Webex Teams
- Citrix Hypervisor
- Citrix ShareFile
- Clearbit
- Confluence Cloud
- Constant Contact
- Coupa
- CrewAI – Preview
- Customer.io
- Databricks Agent
- Datadog
- DeepSeek
- Deputy
- Discord - Preview
- DocuSign
- Drip
- Dropbox
- Dropbox Business
- Egnyte
- Eventbrite
- Exchangerates
- Exchange Server - Preview
- Expensify
- Facebook
- Freshbooks
- Freshdesk
- Freshsales
- Freshservice
- GetResponse
- GitHub
- Gmail
- Google Cloud Platform
- Google Docs
- Google Drive
- Google Forms - Preview
- Google Maps
- Google Sheets
- Google Speech-to-Text
- Google Text-to-Speech
- Google Tasks - Preview
- Google Vertex
- Google Vision
- Google Workspace
- GoToWebinar
- Greenhouse
- Hootsuite
- HTTP Webhook - Preview
- Hubspot CRM
- HubSpot Marketing
- HyperV - Preview
- Icertis
- iContact
- Insightly CRM
- Intercom
- Jina.ai
- Jira
- Keap
- Klaviyo
- LinkedIn
- Mail
- Mailchimp
- Mailgun
- Mailjet
- MailerLite
- Marketo
- Microsoft 365
- Microsoft Azure
- Microsoft Azure Active Directory
- Microsoft Azure AI Foundry
- Microsoft Azure OpenAI
- Microsoft Dynamics 365 CRM
- Microsoft OneDrive & Sharepoint
- Microsoft Outlook 365
- Microsoft Power Automate
- Microsoft Sentiment
- Microsoft Teams
- Microsoft Translator
- Microsoft Vision
- Miro
- NetIQ eDirectory
- Okta
- OpenAI
- OpenAI V1 Compliant LLM
- Oracle Eloqua
- Oracle NetSuite
- PagerDuty
- PayPal
- PDFMonkey
- Perplexity
- Pinecone
- Pipedrive
- QuickBooksOnline
- Quip
- Salesforce
- Salesforce AgentForce & Flows – Preview
- Salesforce Marketing Cloud
- SAP BAPI
- SAP Cloud for Customer
- SAP Concur
- SAP OData
- SendGrid
- ServiceNow
- Shopify
- Slack
- SmartRecruiters
- Smartsheet
- Snowflake
- Snowflake Cortex
- Stripe
- Sugar Enterprise
- Sugar Professional
- Sugar Sell
- Sugar Serve
- System Center - Preview
- TangoCard
- Todoist
- Trello
- Twilio
- UiPath Data Fabric – Preview
- UiPath GenAI Activities
- UiPath Orchestrator - Preview
- X (formerly Twitter)
- Xero
- watsonx.ai
- WhatsApp Business
- WooCommerce
- Workable
- Workday
- Workday REST
- VMware ESXi vSphere
- YouTube
- Zendesk
- Zoho Campaigns
- Zoho Desk
- Zoho Mail
- Zoom
- ZoomInfo
Integration Service user guide
- For Access Key
authentication method:
- Access key ID (the access key used to connect to Amazon Web Services)
- Secret access key (the secret key used to connect to Amazon Web Services)
- Temporary session token (used to create the AWS client session)
- Region (specifies the AWS Region to connect to)
- For Access key assume
role authentication method:
- Access key ID (the access key used to connect to Amazon Web Services)
- Secret access key (the secret key used to connect to Amazon Web Services)
- IAM role (specifies the name of the IAM role)
- Temporary session token (used to create the AWS client session)
- Region (specifies the AWS Region to connect to)
- For UiPath Managed Cross-Account Assume Role authentication
method:
- IAM role ARN
- External ID
- Region (specifies the AWS Region to connect to)
To create an Access key assume role connection, first follow these steps:
- Navigate to AWS console > IAM > Role.
- Select Create Role.
- Select Custom Trust Policy.
- Attach the custom trust
policy, as shown in the following code
section:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "<user ARN>" }, "Action": "sts:AssumeRole" } ] }{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "<user ARN>" }, "Action": "sts:AssumeRole" } ] } - Add the permissions needed to be assigned to the user.
- Fill all the required details and then select Create.
- The UiPath Robot running the automation must be deployed in an AWS EC2 instance to which the specified IAM Role is attached, as described here.
This type of connection uses temporary STS credentials instead of long-term IAM keys to securely access AWS resources (S3, EC2, DynamoDB, Bedrock). You only need to provide minimal inputs and complete a one-time AWS account setup, no IAM access keys or secrets required.
UiPath will create and manage a different IAM user per customer, guaranteeing that the AWS access will be isolated at the UiPath organisation level.
This authentication method supports only one role per customer. You can use the role to create multiple connections, but you cannot create multiple IAM roles for multiple connections.
To create a connection:
- Provide the ARN of the IAM Role
that UiPath should assume.
This Role ARN will be incorporated into an IAM user's permissions policy. The IAM user is created and managed by UiPath specifically and isolated for each customer.
-
Configure IAM role's trust policy.
Update the IAM Role trust policy to allow assumption by UiPath’s IAM user.
- UiPath will share the ARN of its IAM user created specifically for your customer account.
- You must add the UiPath IAM user ARN into the Principal element of the role’s trust policy.
- We require an External ID as an extra safety safeguard in third-party
access scenarios and to help prevent the confused deputy problem. This
can be any string of your choosing. To configure it, add a condition
with
sts:ExternalIdas in the example below. The External Id is passed to UiPath during the actual Integration Service connection creation.Example policy format:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "<UiPath IAM user ARN>" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "<your External Id>" } } } ] }{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "<UiPath IAM user ARN>" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "<your External Id>" } } } ] }
- Configure IAM role’s permission
policies.
For example:
- S3: List/Get/Put on specific buckets.
- Bedrock: InvokeModel, InvokeModelWithResponseStream.
Important:The IAM role must be granted the minimum set of permissions required for your specific use case. For example, if the use case involves reading objects from an S3 bucket, the role should only have read-only access to that specific bucket. A sample policy for such a use case would look as follows:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*" ] } ] }{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*" ] } ] } - Add the Amazon Web Services connection in Integration Service.
- Select Integration Service from the left rail.
- From the Connectors list, select Amazon Web Services. You can also use the search bar to narrow down the connector.
- Select the Connect to Amazon Web Services button.
- From the Authentication Type field, select
one of the three options: Access key, Access key assume role, or UiPath
Managed Cross Account Assume Role. By default, Access key is selected.
-
Enter the required credentials for your preferred authentication method and select Connect.
- Your connection has been added.
